https://ssd.e.org/en/playlist/want-security-start...
10.11.2014 21:44
Write down a list of data that you keep, where it's kept, who has access to it,
and what stops others from accessing it.
In order to answer the second question, "Who do you want to protect it from?",
it's important to understand who might want to target you or your information,
or who is your adversary. An adversary is any
person or entity that poses a threat against an asset or
assets. Examples of potential adversaries are your boss, your government, or a
hacker on a public network.
Make a list of who might want to get ahold of your data or communications. It
might be an individual, a government agency, or a corporation.
A threat is something bad that can happen to an asset. There are numerous
ways that an adversary can threaten your data. For example, an adversary can
read your private communications as they pass through the network, or they
can delete or corrupt your data. An adversary could also disable your access to
your own data.
The motives of adversaries differ widely, as do their attacks. A government
trying to prevent the spread of a video showing police violence may be
content to simply delete or reduce the availability of that video, whereas a
political opponent may wish to gain access to secret content and publish it
without you knowing.
Write down what your adversary might want to do with your private data.
The capability of your attacker is also an important thing to think about. For
example, your mobile phone provider has access to all of your phone records
and therefore has the capability to use that data against you. A hacker on an
open Wi-Fi network can access your unencrypted communications. Your
government might have stronger capabilities.
A final thing to consider is risk. Risk is the
likelihood that a particular threat against a particular asset will actually occur,
and goes hand-in-hand with capability. While your mobile phone provider has
the capability to access all of your data, the risk of them posting your private
data online to harm your reputation is low.
It is important to distinguish between threats and risks. While a threat is a bad
thing that can happen, risk is the likelihood that the threat will occur. For
instance, there is a threat that your building might collapse, but the risk of this
happening is far greater in San Francisco (where earthquakes are common)
than in Stockholm (where they are not).
Evaluating risk is both a personal and a subjective process; not everyone has
the same priorities or views threats in the same way. Many people find certain
threats unacceptable no matter what the risk, because the mere presence of
the threat at any likelihood is not worth the cost. In other cases, people
disregard high risks because they don't view the threat as a problem.
In a military context, for example, it might be preferable for an asset to be
destroyed than for it to fall into enemy hands. Conversely, in many civilian
contexts, it's more important for an asset such as email service to be available
than confidential.